Neil O’Farrell with the ID Theft Council says the information will be sold on the black market and thieves are likely to contact victims, phishing for more information.

“When we thought it was just credit card numbers, that’s easy enough. But now you have so much information out there that you can’t cancel, that you can’t take back,” O’Farrell said.

Online customers of both Target and Neiman Marcus were not affected. Neiman Marcus says it first became aware of the breach in December.

“We informed federal law enforcement agencies and are working actively with the U.S. Secret Service, the payment brands, our credit card processor and a leading forensics firm to investigate the situation,” officials with Neiman Marcus said in a statement.

“They said my card was used to order a Domino’s pizza in India. It was also used 60 times on the Internet to order products, which really scared me,” said Target customer Gary Bogan.

As the fear–and the number of victims–grows, no arrests have been made.

The law requires retailers report theft of personal information and Target has involved the Maryland Attorney General’s Office in high level updates about the investigation.

The Secret Service and the Department of Justice are both investigating.

Target is offering one year of free credit monitoring to all Target customers, not only to those customers who had information compromised in the data breach. Interested consumers can register for the free credit monitoring at creditmonitoring.target.com.

Consumers with questions are encouraged to visit target.com/databreach or to contact Target directly at 866-852-8680.

WJZ general assignment reporter Mike Hellgren came to Maryland's News Station in the spring of 2004 from KARK-TV, an NBC affiliate station in Little Rock, Arkansas where he worked as a general assignment reporter, as well as fill-in anchor. Solid...